General

  • Target

    b45d1e5f0f35e6b22a0c35b77718b1be

  • Size

    2.9MB

  • Sample

    240305-lfwagsbe6v

  • MD5

    b45d1e5f0f35e6b22a0c35b77718b1be

  • SHA1

    090219b8c4dadcb90c55abb38f97a563178c52cf

  • SHA256

    a2cb852273d280527c2104c66073ae086c5ee54012de662f91ad7b97ee704bd1

  • SHA512

    c8f5858d1b6a6fe8f8ccae23a032cf7f8808d98ea20af9f028fad086fd55da41cbfe724c633c697a11c3f0d39c8095414f6fd0fa07bf8633b08b4365e6689769

  • SSDEEP

    49152:3Qh2oBYmnS3U1sQ3z14ExjkJ3cAitofVP4M338dB2IBlGuuDVUsdxxjeQZwxPYRr:As8YmnSUZzPwJ9bgg3gnl/IVUs1jePs

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
